Author: Vatsala Singh Bhadauria, Advocate, Delhi High Court
Until 2020 no regulations were governing the digital/ online media or OTT platforms. By and large, the type of disputes (such as abusive movie dialogue, offensive songs, defamatory tweets) arising on social media platforms or digital media portals, are dealt with numerous laws including IT Act.
Although social media giants do have a certain regulatory mechanism in place, are they enough? It is a general norm that a complaint to take down certain content from Facebook or Twitter, for example, remains unaddressed and the content actively stays on. Such is the influence and expanse of social media that it is an open secret that these private entities actively engage in influencing elections campaigns and results in other countries of the world.[i] Regulation of the internet and accountability of social media has always been a hot topic and has invited its share of debate and controversy over where to draw the line between regulation and interference with privacy rights. The rapid increase in social media use and importance increased the number and variety of disputes.
Unlike electronic and print media, digital media and OTT platforms have remained unregulated in India, until recently. On February 25, 2021, the Government brought in new sets of rules in the existing Information and Technology Act, 2000 (also referred to as the “IT Act”), called ‘Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021’(also referred as “Digital Media Ethics Code”/ “the Rules”)[ii]. The Rules has received severe backlash for being a blatant violation of the fundamental right of freedom of speech and expression enshrined under Article 19(1)(a) and an accessory for the government to control the as called ‘free space i.e. internet’.
In this chapter, we will highlight the more nuanced issues associated with the rules such as:
1. Whether the Rules expand the scope of the Information and Technology Act, 2000?
2. Whether proper procedure was followed in passing these rules without a parliamentary debate?
3. Where is the role of the judiciary?
4. How will the ramifications of these Rules affect the Data Protection Bill/ Privacy Bill?
1. Does the present ethics code expand the scope of the IT Act?
There were no enactments or rules or regulation in place to govern social media platforms, content or content creators. More so, the online content industry did not come within the purview of the IT Act itself, and certain checks and balances were being kept in place by drawing powers from different sections, including Section 66A.
On November 9th, 2020 the Government remedied the preclusion of Digital/ Online Media[iii] platforms from the IT Act. The Rules have been released as detailed guidelines[iv] for complying with the existing provisions of the IT Act. As said by Law Minister Ravi Shankar Prasad, the government has not framed any new law, these are the ‘rules’ under the existing law. As per the IT Act, the Central Government has the authority to issue guidelines concerning the liability of the intermediaries or provide for procedure and safeguards[v] for blocking certain information from public access.
Despite the dubious approach of the government, which chose not to table the new rules before the Parliament or even release a white paper on it for much needed public discussion and scrutiny, the Rules per se cannot be said to have expanded the scope of the IT Act. The question thus arises: has the November 2020 notification given free rein to the MeiTY, which administers licensing and censorship powers over cinema, TV, Radio – over social media, too?
2. What is the role of the judiciary?
The Rules envision a new, three-tiered mechanism for redressal of complaints, with the Joint Secretary to the Government of India having ultimate control in treating emergency cases and those of immediate significance. This constitutes clear overreach on behalf of the government, as the aforesaid structure allows for lateral action from the top, by passing the other tiers – an action that is envisioned to be entirely bureaucratic. The issue here is whether the government can adjudicate on a matter which would ideally fall within the mandate of the judiciary, if not for the trivial fact that currently, the courts have no explicit laws to read such matters with (coincidentally, a circumstance contrived by the government)! It sets a bad precedent for the government to bypass the judiciary, simply for the sake of expediency, given how wide ambit of operation they seem to be providing themselves.
Let us look at the archetypal in the probably hypothetical case – person A’s content and/or their access to a platform being revoked at the oversight officer’s behest, leading – in 3 cases out of 10 – to court, that too under article 19 (1) (a) {for whose remedy one may approach a High Court or the Supreme Court}, resulting in a protracted struggle wasting time and other resources. Therefore, such methods to ‘expedite’ matters may end up only prolonging them even further.
3. What will be the impact on the upcoming data protection bills/ privacy rights? Is the government giving leeway to tech companies to snoop on personal messages? Is IT law equipped to handle the 'data privacy’ aspect?
The Internet is a medium that has facilitated free speech. The government’s dictum to social media platforms is problematic in two regards –
1. By necessitating storage of user data for the last 6 months (up from the earlier threshold of 3 months), they have substantially increased the amount of data such entities would have access to, even for those users who have technically ‘deleted’ their accounts on such platforms – clearly not a good thing, given that reducing the amount of personal data private players have access to is a key aspect of any regulation of any kind over the Internet.
2. Through the proviso that requires such platforms to break tradition and provide ID details of individuals who post content that the government is investigating (especially those about ‘national security’ and ‘sovereignty’), the government sails into very murky waters, as such a compulsion also extends to end-to-end encryption – easily the holy grail of secure online communications today. Concerns have been raised about the technical feasibility of allowing for such a caveat, without introducing a weak link in the security chain that may be exploited (with disastrous results) by bad actors.
Introducing provisions with such massive knock-on effects raises questions about their compatibility with the fundamental right to privacy. What makes this even more worrisome, is not just the lack of parliamentary deliberation a priori, but that of parliamentary oversight a posteriori. With past incidents of government bodies requisitioning private user data for investigations dealing with much more mundane matters (and thankfully, being denied), one wonders what would occur when they don’t have to go to court to get them.
As of today, you and I have no right by statute to protect our information, thus increasing the need for the much-awaited Personal Data Protection Bill. Regulations themselves aren't a bad thing, had there been (effective) self-regulation by the companies themselves, the government wouldn’t have had to step in. Now, to level the playing field, not just this government, but any, would be obligated to take some steps.
Yet, the government’s lament of ‘national security’, often misused using ham-handed shutdowns of the Internet in the past, now finds utterance in the Rules. Ultimately, even though the implementation of these regulations may solve some of the problems we face online, history is witness that using a hammer to kill a fly is never in the larger interest.
[iv]Section 79(2)(c) of the Information and Technology Act, 2000https://www.indiacode.nic.in/bitstream/123456789/1999/3/A2000-21.pdf
[v]Ibid. Section 69A(2)